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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible 
for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has 
been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 
CFR 1.114. Applicant's submission filed on 05/01/2008 has been entered. Claims 1-7, 9-14 and 
16-22 are still pending. 

Response to Arguments 

2. Applicant's arguments filed 05/01/2008 have been fully considered but they are not 
persuasive. It is Applicant's assertion that the amendment recitation "the behavioral pattern of 
packets comprises a behavioral password that includes a prescribed sequence of one or more 
of the following: connection requests, probes, and scans" is not taught by either Kalajan or 
Teraoka. The Examiner respectfully disagrees. Kalajan disclose password systems as a means 
for validation of communication packets (see column 4, lines 1-15). However Teraoka 
specifically identifies a source-host authenticator within in the packet header which is used for 
authentication purposes. Teraoka's source-host authenticator contains a predetermined secret 
key (Ks) which is well known in the art to be equivalent to a password (see column 7, line 47). 
Furthermore, the source-host authenticator is calculated by computing a checksum (which is 
also well known in the art to ensure data integrity and error detection) and the secret key of the 
data packet (see column 7, lines 59-64). 

Therefore, in response to Applicant's argument that "the use of sequence numbers to 
ensure packets are processed in order, as taught by Kalajan and Teraoka, is not the same as a 
"behavioral password", since a password is kept secret and the sequence order as taught by 
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Kalajan and Teraoka is known by all, and in any event packet sequence number order is not the 
same as a "prescribed sequence" of connection requests, probes, and/or scans, the Examiner 
asserts that packet sequence is ensured by the checksum (which again ensure data integrity 
and error detection) and the secret key (i.e. password) is unknown since it is a "secret". The 
Examiner believes Kalajan and Teraoka to still be relevant to Applicant's claimed invention. 
Furthermore, the Examiner respectfully asks the Applicant to define what is meant by 
"prescribed sequence" since it is not the same as packet sequence number order (please see 
below). Therefore the Examiner believes this disclosure meets Applicant's claim limitation and 
for at least these reasons the Examiner maintains the rejection of claims 1-7, 9-14 and 16-22. 
Claim Rejections - 35 USC §112 

3. Where applicant acts as his or her own lexicographer to specifically define a term of a 
claim contrary to its ordinary meaning, the written description must clearly redefine the claim 
term and set forth the uncommon definition so as to put one reasonably skilled in the art on 
notice that the applicant intended to so redefine that claim term. Process Control Corp. v. 
HydReclaim Corp., 190 F.3d 1350, 1357, 52 USPQ2d 1029, 1033 (Fed. Cir. 1999). The term 
"prescribed sequence" in claims 1, 14 and 16, according to Applicant is not the same as packet 
sequence number order, while the accepted meaning is that "prescribed sequence" and "packet 
sequence number" is one and the same. The term is indefinite because the specification does 
not clearly redefine the term. 

4. To expedite prosecution, the Examiner has treated the term "prescribed sequence" as 
being the same as "packet sequence number order" which is consistent with Applicant's original 
disclosure. 
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Claim Rejections - 35 USC § 103 

The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

5. Claims 1-7, 9-14, and 16 - 22 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kalajan in US Patent No. 6202156 (hereinafter US '156) further in view of 
Teraoka in US Patent No. 6009528 (hereinafter US '528). 

6. For claim 1, and similar independent claims 14 and 16, US '156 discloses: 
A method for network security comprising: 

receiving a request from a remote address at a host; 

observing a behavioral pattern of packets associated with the request; 

authenticating the remote address based on the behavioral pattern of the packets 
associated with the request; and 

enabling access to the host by the remote address for a configurable time 
period if the remote address is authenticated; (see Abstract; Figure 1 ; column 1 , lines 35 - 
63, 65 - column 2, lines 1 - 1 0, 29 - 34, 37 - 43, 50 - 58: process of validating access 
request..., 60 - 65: time period...; column 6, lines 47-51: packet observation...) but does not 
expressly disclose wherein the authentication is based at least in part a determination that the 
observed behavioral pattern of the packets matches a pre-defined packet sequence 
and wherein the behavioral pattern of packets comprises a behavioral password that includes a 
prescribed sequence of one or more of the following: connection requests, probes, and scans 
(Kalajan et al discloses that password systems as a means for validation of communication 
packets (see column 4, lines 1-15). 

Teraoka however in US '528 teaches wherein the authentication is based at least in part 
a determination that the observed behavioral pattern of the packets matches a pre-defined 
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packet sequence (see Abstract; column 7, lines 43 - 46: authentication information is in the 
packet header; column 7, lines 53 - 58: packet header contents; column 9, lines 16-23: packet 
header authentication). 

Teraoka further discloses in US '528 wherein the behavioral pattern of packets 
comprises a behavioral password that includes a prescribed sequence of one or more of the 
following: connection requests, probes, and scans (see column 7, lines 53-58: source-host 
authenticator includes predetermined secret key (see column 7, line 47, 60-65)). 

Kalajan and Teraoka are analogous art because they are from the same problem solving 
areas (enhancing the security of communication on a network). At the time of the invention, it 
would have been obvious to a skilled artisan to modify the method of packet authentication of 
Kalajan such "that it would be based at least in part a determination that the observed 
behavioral pattern of the packets matches a pre-defined packet sequence; wherein the 
behavioral pattern of packets comprises a behavioral password that includes a prescribed 
sequence of one or more of the following: connection requests, probes, and scans" such as 
packet header authentication as in Teraoka. The motivation for doing so would have been to 
enhance network security. 

For claim 2, and similar claim 17, US '156 teaches: 
A method for preventing network discovery of a system services configuration as recited in 
claim 1 further including preventing a response from being sent to the remote address, (see 
column 1 , lines 36 - 37; column 3, lines 1 7 - 20) 

For claim 3, and similar claim 18, US '156 discloses: 
A method for preventing network discovery of a system services configuration as recited in 
claim 1 wherein receiving a request from a remote address at the host further includes receiving 
a probe, (see column 2, lines 42 - 43; column 4, lines 41 - 43, 58-61) 
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For claim 4, and similar claim 19 US '156 discloses: 
A method for preventing network discovery of a system services configuration as recited in 
claim 1 wherein observing a pattern associated with the request further includes recording data 
received at the host, (see column 4, lines 33: firewall; column 6, lines 47 - 56) 

For claim 5, and similar claim 20, US '156 teaches: 
A method for preventing network discovery of a system services configuration as recited in 
claim 1 wherein observing a pattern associated with the request further includes matching the 
pattern to a list, (see column 4, lines 1-11) 

For claim 6, US '156 teaches: 
A method for preventing network discovery of a system services configuration as recited in 
claim 1 wherein observing a pattern associated with the request further includes recording a 
sequence, (see column 4, lines 1 - 1 1 , 35 - 39 and 54 -61 ) 

For claim 7, and similar claim 21 US '156 teaches: 
A method for preventing network discovery of a system services configuration as recited in 
claim 1 wherein authenticating the remote address based on the pattern associated with the 
request further includes comparing the pattern to a list, (see column 4, lines 1-11 and 54-61) 

For claim 9, and similar claim 22 US '156 discloses: 
A method for preventing network discovery of a system services configuration as recited in 
claim 1 wherein authenticating the remote address based on the pattern associated with the 
request further includes preventing a response being sent to the remote address if the remote 
address fails to authenticate, (see column 4, lines 62 - 65: blocked by firewall; column 5, lines 
53 - 56) 

For claim 10, US '156 teaches: 
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A method for preventing network discovery of a system services configuration as recited in 
claim 1 wherein authenticating the remote address based on the pattern associated with the 
request further includes denying access to the host if the remote address fails to authenticate, 
(see column 5, lines 53 - 56 and 65 - column 6, lines 1-7) 

For claim 11, US '1 56 teaches: 
A method for preventing network discovery of a system services configuration as recited in 
claim 1 wherein authenticating the remote address based on the pattern associated with the 
request further includes sending a message to the remote address if the request fails to 
authenticate, (see column 5, lines 53 - 56 and 65 - column 6, lines 1-7) 

For claim 12, US '156 discloses: 
A method for preventing network discovery of a system services configuration as recited in 
claim 1 wherein enabling access to the host by the remote address further includes providing 
access for a configurable amount of time, (see column 2„ lines 61 - 64 and column 4, line 66 - 
column 5, lines 1 - 4) 

For claim 13, US '156 discloses: 
A method for preventing network discovery of a system services configuration as recited in 
claim 1 wherein enabling access to the host by the remote address further includes 
implementing a handshake between the remote address and the host, (see column 4, lines 54 - 
58) 

Conclusion 

7. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to LAUREL LASHLEY whose telephone number is (571)272-0693. The 
examiner can normally be reached on Monday - Thursday, alt Fridays btw 7:30 am & 5 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, Jr. can be reached on 571-272-3799. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 

may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 

PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 

would like assistance from a USPTO Customer Service Representative or access to the 

automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Laurel Lashley 
Examiner 
Art Unit 2132 

IL U 

17 July 2008 
/Gilberto Barron Jr/ 

Supervisory Patent Examiner, Art Unit 2132 



